[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ldap_bind: Can't contact LDAP server(multithreaded ldap client)

To: Rakesh Yadav <rkyadav@cdac.in>
Subject: Re: ldap_bind: Can't contact LDAP server(multithreaded ldap client)
From: Philip Guenther <guenther+ldapsoft@sendmail.com>
Date: Mon, 2 Jun 2008 20:16:38 -0600
Cc: openldap-software@openldap.org
In-reply-to: <4843F04B.1050003@cdac.in>
References: <4843F04B.1050003@cdac.in>
User-agent: Alpine 1.10 (BSO 962 2008-03-14)

On Mon, 2 Jun 2008, Rakesh Yadav wrote:

I have written a library using LDAP client API's according to my requirement. I m having RPC clients and a RPC server. This RPC server is multithreaded and uses the library which is written using LDAP client api.

The problem is :

1. I have open a single connection with LDAP server and passed the
   global LDAP * ptr to all my library calls, And i sended a search
   request from rpc client in a loop, it works and gives the result but
   as i run second request for reading data from rpc server then i get
   error from LDAP server "*Broken pipe*".

With libldap, LDAP handles do not support concurrent use. You can use a given handle from multiple threads, but only by one at a time.

Now, libldap_r does support concurrent LDAP handle use in multiple threads, but the processing of replies is effectively single-threaded: if N threads are waiting in ldap_result() for particular responses, none will return until the response is received that is needed by the first thread to call ldap_result(). This is probably not the behavior you want.

2. Then i have decided i will use seprate connection with LDAP for each
   thread and use a local LDAP *ptr for thread.  This time multiple
   requests from rpc client works for 2-3 minutes after that it also
   gives error.  "*ldap_bind :Can't contact LDAP server*"
   In this case i opened and closed a connection with LDAP server for
   each thread.


That's the method I recommend.  There are two things you need to ensure:

1) you must compile libldap with whatever compiler flags are needed to
   make the code thread-safe, such as using the per-thread errno.

2) if using TLS/SSL (whether via ldaps or StartTLS), then you need to
   compile your SSL library to be thread-safe *and* make whatever
   setup calls are necessary

For example, with OpenSSL you need to call CRYPTO_set_locking_callback() and probably CRYPTO_set_id_callback() too. You may also need to call the CRYPTO_set_dynlock_*_callback() functions; the OpenSSL docs aren't very clear on the subject...


Philip Guenther

References:
- ldap_bind: Can't contact LDAP server(multithreaded ldap client)
  - From: Rakesh Yadav <rkyadav@cdac.in>

Prev by Date: Re: Use wildcard on ipHostNumber and gidNumber attribute
Next by Date: Re: ldap_bind: Can't contact LDAP server(multithreaded ldap client)
Index(es):
- Chronological
- Thread